What CPS 230 Means for Your Supply Chain Security

The Australian Prudential Regulation Authority’s (APRA) CPS 230 mandates critical supply chain risk management updates. Financial institutions reliant on third-party services must pay close attention to this mandate. Why? Supply chain security breaches remain a critical issue, actually now affecting over 75% of software supply chains and involving recent high-profile incidents.   CPS 230 therefore aims to act as a shield to better safeguard organizations. To ...

By |2025-07-02T17:46:48+00:00July 2nd, 2025|Governance, Risk & Compliance: GRC, Regulatory Change|

Quantifying Reputational Risk: What GRC Leaders Need to Know

One third-party misstep can damage a brand in a matter of minutes. For example, a data breach can grant hackers access to customer data, a vendor's offensive social media post can trigger public backlash, or a logistics partner’s delay can ruin a product launch. Quantifying reputational risk is now essential. Organizations all around the world face increased pressure. Pressure to assess, monitor, and mitigate reputational ...

By |2025-07-01T19:17:12+00:00July 1st, 2025|Business Resilience, Governance, Risk & Compliance: GRC|

How to Create a Code of Conduct Policy and Living Code Microsite

Compliance training should not stop at Ethics & Compliance courses alone. Adding both a Code of Conduct Policy and a Living Code Microsite takes it to the next level by making it easier for employees to find relevant information while ensuring ongoing alignment. What is a Living Code of Conduct Microsite? A Living Code turns your policy into an interactive digital environment. It aligns with ...

What is Provision 29? The New UK Internal-Controls Declaration is Here

Does your risk management and internal framework really work? Some companies working in the United Kingdom will need to start proving it. Starting with accounting periods that open either on or after 1 January 2026, every company in either the FCA’s commercial companies or closed-ended investment fund categories must make a statement in its annual report confirming whether its risk management and internal control framework ...

Modern GRC is Keeping Companies Ahead

A cyberattack can catch an organization off guard, creating chaos as teams rush to respond. Executives struggle with outdated spreadsheets, while compliance officers juggle siloed point solutions. Without a clear, coordinated approach, important risks can be overlooked. This scenario is all too real for organizations relying on legacy processes. When dashboards run slow and manual spreadsheets fall short, new gaps emerge out of thin air ...

What Is Integrated Enterprise Risk Management and Why Do You Need It?

Integrated enterprise risk management unites every strand of risk. From strategic, operational, financial, regulatory, cyber, to third-party, all forms of risk become streamlined under one data architecture. When things become more centralized, a streamlined workflow ensues. Instead of juggling separate spreadsheets, dashboards, and point solutions, teams instead tap into a shared information hub featuring a single source of truth. One that feeds real-time insight to ...

Amid Cyber Breaches, Operational Safety Saves the Day

When ransomware halts production lines and phishing attacks cripple control systems, cybersecurity alone isn’t enough. It's merely a start. What's next? Organizations need operational safety as their last line of defense. Operational safety ensures that people, processes, and equipment alike keep running effectively and efficiently, even under attack. From regulatory shocks to climate events to supply-chain failures, operational safety protocols shore up continuity when IT ...

By |2025-07-01T18:29:34+00:00June 24th, 2025|Governance, Risk & Compliance: GRC|

Decoding the Current Administration: Implications for E&C and Harassment Training 

The current political landscape is reshaping regulatory priorities. An awareness of which risk mitigation strategies are worth enforcing is critical. This evolution is poised to significantly impact ethics, compliance, and corporate training. With deregulation on the horizon, companies—especially those involved in E&C training—must decode these changes and adapt their programs to stay ahead. (For more, read our perspective, Post-Election Implications for U.S. Ethics & Compliance ...

By |2025-06-17T20:37:58+00:00June 17th, 2025|Ethics & Compliance Learning, Sexual Harassment|

Avoid Conflicts of Interest with AI Compliance Companion

When Emma opened her inbox and found a voucher for a weekend retreat from a past vendor she froze, unsure of what to do next. Was it a friendly gesture or a red flag? This scenario is a common one, but too often it’s left unaddressed by traditional Ethics & Compliance training programs. Standard Conflicts of Interest (COI) trainings list rules, but fall short when ...

By |2025-06-12T18:49:52+00:00June 12th, 2025|Ethics & Compliance Learning|

Best Practices for Managing Operational Risk

A single IT outage doesn’t just interrupt operations. In many cases, it becomes front-page news. In July 2024, CrowdStrike served as a wake-up call when a software glitch caused the largest IT outage in history, disrupting business operations around the world. In early 2025, Barclays customers took to social media as a 14-hour outage left them locked out of their accounts. These incidents have more ...